According to industry analysts Gartner, 95% of new electronic product produced in 2020 will contain IoT capabilities, and medical devices are no exceptions. Connected medical devices are among the fastest growing sector in the medical technology, or MedTech, sector, with a Deloitte report estimating that the connected medical device segment and the internet of medical things (IoMT) will be worth $52.2 billion by 2022, up from $14.9 billion just five years before.
Yet despite this growth, there remain some important challenges to the connected medical device industry, including the connectivity challenge themselves:
- Securing the software on the device. There needs to be a ‘chain of trust’ with a provisioning mechanism to secure exchanges and a ‘root of trust’ to ensure that security is maintained from the point of manufacture.
- Delivering software updates remotely and over the air. Connected medical devices are no different to any other IoT device and will occasionally demand software updates. These updates need to be delivered remotely and over the air (OTA), with implanted devices a particular challenge for updates.
- Securing data either in a semi-public or private cloud, or choosing to embrace edge computing. Personal medical information is among the most confidential data an individual can share. It is imperative that the data gathered by connected medical devices is secured either in a semi-public or private cloud, or that edge computing with its pre-processing of data on the device itself is embraced instead.
The Software Challenges
- Devices must meet medical standards
- Alignment with FDA, ISO 13485 and IEC 62304 standards
- Varied levels of criticality from Class A (no strong patient impact) to Class C (strong impact, risk of death)
- Investment costs versus return on investment
The Witekio Response
- Assessment of the device and its environment from the hardware to the cloud
- Isolate features of the device that pose a risk to the software
- Implement hypervisors to further isolate different software environments
- Separate critical processing functionality from the data transfer environment
Software is fundamental to meeting the challenges of the connected medical device sector.
Connected medical devices present challenges to manufacturers and software developers alike. The industry rests in a fragile balance between two universes that have almost contradictory states. On the one hand there is the internet of things (IoT) universe where constant connectivity, sharing as much information as possible, and connecting devices to each other and the cloud is standard operating procedure. On the other hand there is the personal, confidential, and privacy focused universe of health care information that must be secured and is barely compatible with the high-connectivity and data sharing of the IoT world.
The resulting IoMT sector relies on software to strike this balance and ensure that end user patients can have confidence that their personal information is being securely managed, and manufacturers and MedTech companies can offer innovative connected medical devices that take full advantage of the IoT and the IoMT.
Three ways Witekio delivers value for connected medical devices
Applying extensive expertise in secure software systems to connected medical devices
Witekio has been dedicated to market leading embedded software for nearly 20 years. Its team of more than 100 developers, architects, consultants, and experts has worked with some of the world’s leading MedTech and connected medical device manufacturers on projects that range from hardware development to cloud software solutions. They have added value to the architecture, design, and development of all software layers and understand the specific constraints of the medical device industry.
Witekio engineers develop a multi-level start-up system known as a chain of trust. This chain connects the hardware, bootloader, system, and the business application with an asymmetrical cryptography system of public and private keys. Each link in this chain signs and validates the authenticity of the next link in the chain and secures the exchange before this next link is started.
Witekio can work with manufacturers on the certificate keys that are written in the device at the time of its manufacture and develop a root of trust with certificates that give authority to factories and subcontractors.
Advising manufacturers on their cloud computing options, and powering their choice
Connected medical devices need to share their data and the IoT and IoMT models demand the use of cloud computing. However, manufacturers and MedTech companies need to choose between a semi-public or a private cloud, with each having their own advantages and disadvantages for the connected medical device company.
Already certain cloud computing providers are offering specialized solutions for the connected medical device industry. These specialized solutions have Health Data Hosting (HDS) certification to ensure the security of the confidential health data when it is stored and also in its transfer to the cloud. Niche providers like VH Healthcare or FollowMed sit alongside cloud giants such as Google and Microsoft who leverage their respective GCP and Azure infrastructure to offer Google Healthcare and Microsoft HealthVault to the IoMT market.
Alternatively, a connected medical device company might choose a private cloud computing option. While offering full control over security and data storage, there can be infrastructure and architecture issues that arise that challenge operations staff and that can stretch both tempers and budgets.
Witekio engineers are experienced in working with both semi-public and private clouds and can help device vendors to choose the best option for their connected medical device and embed the software that will power that choice. Should the vendor choose to adopt a data pre-processing and edge computing model, Witekio also has the experience and capacity to power that choice, too.
Empowering remote and OTA software updates
It’s a fact that no software system is infallible, and over time all will require updates for performance or security reasons. When flaws in the software are identified, where corrections to embedded code are required, or where upgrades to performance or functionality are available, the software on the connected medical device needs to be updated.
Yet many connected medical devices offer unique challenges to companies seeking to update their software packages. While adding a new interface or new features to a stand-alone Class A machine in a hospital environment might be as relatively simple as pushing an OTA update in a period of extended downtime, a Class C device that is implanted in a patient is another matter altogether.
Witekio has developed the experience to empower remote and OTA software updates to connected medical devices and its regime of testing that ensures that software updates put the safety, confidentiality, and security of patients first.